forked from a51f733a0cf842ec/qubes-app-split-ssh
-
Notifications
You must be signed in to change notification settings - Fork 4
/
qubes.SshAgent
executable file
·98 lines (84 loc) · 2.88 KB
/
qubes.SshAgent
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
#!/bin/bash
LOGGER="logger -t qubes.SshAgent"
TIMEOUT=10
select_key() {
local QUBES_SSH_DIRECTORY="$HOME/.qubes_ssh/$QREXEC_REMOTE_DOMAIN"
if [ ! -d "$QUBES_SSH_DIRECTORY" ]; then
echo "Directory '$QUBES_SSH_DIRECTORY' not found" | $LOGGER
return
fi
local DEFAULT_FILE="$QUBES_SSH_DIRECTORY/.default"
local DEFAULT_KEY=
if [ -r "$DEFAULT_FILE" ]; then
DEFAULT_KEY=$(cat "$DEFAULT_FILE")
fi
local argc=0
local argv=()
while IFS= read -r -d '' KEY; do
if [ -d "$KEY" ]; then
KEY_BASENAME=$(basename "$KEY")
else
KEY_BASENAME=$(basename "$KEY" .pub)
if [ ! -r "$QUBES_SSH_DIRECTORY/$KEY_BASENAME" ]; then
echo "No private key exists for $KEY" | $LOGGER
continue
fi
fi
# Default key will be already selected in prompt
if [ "$KEY_BASENAME" = "$DEFAULT_KEY" ]; then
argv[$((argc++))]=True
else
argv[$((argc++))]=False
fi
argv[$((argc++))]=$KEY_BASENAME
done < <((find -L "$QUBES_SSH_DIRECTORY" -mindepth 1 -maxdepth 1 -type f -readable -name '*.pub' -print0;
find -L "$QUBES_SSH_DIRECTORY" -mindepth 1 -maxdepth 1 -type f -readable -name '*.pem' -print0;
find -L "$QUBES_SSH_DIRECTORY" -mindepth 1 -maxdepth 1 -type d -readable ! -empty -print0) | sort -z)
if [ $argc -eq 0 ]; then
echo "No SSH keys found in directory '$QUBES_SSH_DIRECTORY'" | $LOGGER
return
fi
local CACHE_FILE="$QUBES_SSH_DIRECTORY/.cache"
local confirm=true
if [ $argc -eq 2 -a -f "$CACHE_FILE" ]; then
local SECONDS=$(cat "$CACHE_FILE")
if [ "$SECONDS" -eq "$SECONDS" ] 2>/dev/null; then
local NOW=$(date +%s)
if [ $SECONDS -eq -1 -o $(stat --format=%Y "$DEFAULT_FILE") -ge $(($NOW - $SECONDS)) ]; then
confirm=
fi
fi
fi
if [ -n "$confirm" ]; then
local SELECTED=$(zenity --list --radiolist --title "SSH key selection" \
--text="Domain $QREXEC_REMOTE_DOMAIN is requesting an ssh key." \
--column=Select --column=Key --width=300 --height=400 \
"${argv[@]}" 2>/dev/null)
else
local SELECTED=${argv[1]}
fi
if [ -n "$SELECTED" ]; then
echo "$SELECTED" >"$DEFAULT_FILE"
echo "$QUBES_SSH_DIRECTORY/$SELECTED"
fi
}
# Start ssh-agent, add key
eval $(umask 0077; ssh-agent) >/dev/null
# Prompt user for key selection
KEY_FILE=$(select_key)
if [ -n "$KEY_FILE" ]; then
if [ -d "$KEY_FILE" ]; then
find "$KEY_FILE" -type f ! -name '*.pub' -execdir chmod -7177 '{}' + 2>&1 | $LOGGER
find "$KEY_FILE" -type f ! -name '*.pub' -execdir ssh-add '{}' + 2>&1 | $LOGGER
else
chmod -7177 "$KEY_FILE" 2>&1 | $LOGGER
ssh-add "$KEY_FILE" 2>&1 | $LOGGER
fi
fi
if [ $TIMEOUT -gt 0 ] ; then
timeout --foreground "$TIMEOUT" socat - "UNIX-CONNECT:$SSH_AUTH_SOCK"
else
socat - "UNIX-CONNECT:$SSH_AUTH_SOCK"
fi
# Clean up
kill $SSH_AGENT_PID 2>/dev/null